A breach of breaches past has come back to haunt us. Last week, a cybersecurity expert discovered a that a collection of over 5 billion records from previous data dumps were left exposed and publicly accessible. What’s worse, the exposure reportedly occurred at the hands of a cybersecurity firm. Because all of the data was previously exposed, no new information was put at risk. However, the size and sensitive nature of the data involved could lead to renewed risk for victims of previous breaches
What was Exposed and How?
A UK-based firm created a database of exposed information from some of the biggest data dumps between 2012 and 2019. This includes records from well-known data dumps such as Adobe, Last.FM, Twitter, LinkedIn, and others. What’s more, the records within the database includes some highly-sensitive such as emails and passwords. The exact reason for compiling this database is not yet clear.
NOTE: Company’s data and customer records were not exposed, incident involved only previously reported data breaches collections.
The incident was not the result of any malicious action. Instead, the firm placed the records in Elasticsearch, an open source data and analytics search engine, and neglected to use any password protection or firewalls to keep the database private.
The lack of such basic protections may be because Elasticsearch’s security features are disabled by default. In fact, Elasticsearch has suffered a series of similar breaches within the past few years. Only two months ago, 250 million records of Microsoft customers were exposed through similar misconfigurations on Elasticsearch servers. Given amount and size of these exposures, it is unclear why Elasticsearch has not taken more steps to ensure the security of their services.
Just because the data involved in this breach has all been previously leaked does not mean this incident isn’t something to be concerned about. According to reports, the records are extremely well structured, and the sheer size of the database makes the information easily accessible for hackers to use in phishing schemes or to resell online. This could lead to those whose records were previously exposed see a renewal of fraud attempts in the upcoming months.
Want to see if the breach of breaches past could come back to haunt you? We recommend going to haveibeenpwned.com. The website allows you to search any email address or passwords you have used to see if your information was exposed in previous breaches, including many of the breaches involved in this incident.
Subscribe to our blog here: https://mailchi.mp/90772cbff4db/dpblog